With Docker containers now set to explode across the enterprise, IT organizations will soon find themselves scrambling to find ways to manage and secure them. At the DockerCon Europe 2015 conference this week, Docker moved to address both issues.
With today's launch of version 1.0 of the Docker Universal Control Plane, organizations deploying Docker containers now have a service, tightly integrated with the Docker Registry software, through which they can manage Docker containers regardless of where and how they are deployed. Scott Johnston, senior vice president of product for Docker, says the end goal is to give IT organizations much more granular control over what is expected to soon be thousands of Docker containers running in public and private clouds made up of both virtual and bare-metal servers.
In addition to making it simpler to manage those containers, Docker earlier this week updated Docker Content Trust, a framework through which developers attach digital signatures to container images so that IT operations teams know a particular image has been validated for deployment.
New additions to that framework include support for user namespaces to provide the ability to separate container and Docker daemon-level privileges in a way that enables IT operations teams to assign privileges for each container by user group. That means containers themselves don’t have access to root on the host; only the Docker daemon does. IT operations can also now lock down hosts to a restricted group of sysadmins per security best practices.
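The user-namespace separation described above works by remapping uids: "root" (uid 0) inside the container is mapped onto an unprivileged subordinate uid on the host, and the kernel records that mapping in `/proc/<pid>/uid_map`. The following shell script is an added example, not code from the article or from Docker; it parses a uid_map and shows why a process that is root in the container is not root on the host. The mapping text is constructed to mirror the default `dockremap` range that the daemon's `--userns-remap` option uses (experimental when this article was written, stable in later releases); the unmapped "before" case uses the identity mapping the kernel reports for any process outside a user namespace.

```shell
#!/bin/sh
# Added example (not part of the article): how user-namespace remapping turns
# container root into an unprivileged host uid.
#
# Each line of /proc/<pid>/uid_map reads:
#   <first id inside the namespace>  <first id on the host>  <range length>
#
# CONSTRUCTED sample: the default dockremap range, container uids 0-65535
# mapped onto host uids 100000-165535.
REMAPPED_UID_MAP="0 100000 65536"

# CONSTRUCTED sample: what the kernel reports when no user namespace is in
# use, i.e. the situation the article describes as "access to root on the host".
IDENTITY_UID_MAP="0 0 4294967295"

# map_uid <container_uid> [uid_map_text]
# Prints the host uid that a uid inside the container corresponds to, or
# "unmapped" when no line of the map covers it. Defaults to the remapped map.
map_uid() {
    cuid=$1
    map=${2:-$REMAPPED_UID_MAP}
    result=unmapped
    # A heredoc (not a pipe) keeps the loop in the current shell so 'result'
    # survives after the loop ends.
    while read -r inner outer len; do
        [ -z "$inner" ] && continue
        if [ "$cuid" -ge "$inner" ] && [ "$cuid" -lt "$((inner + len))" ]; then
            result=$((outer + cuid - inner))
            break
        fi
    done <<EOF
$map
EOF
    echo "$result"
}

# is_host_root <container_uid> [uid_map_text]
# Succeeds (exit 0) only if that container uid is literally uid 0 on the host,
# which is the condition a defender wants to rule out for every container.
is_host_root() {
    [ "$(map_uid "$1" "${2:-$REMAPPED_UID_MAP}")" = "0" ]
}

# Demonstration when run directly. Enabling the remap on a real host is done
# with the daemon option, e.g. in /etc/docker/daemon.json:
#   { "userns-remap": "default" }
printf 'container uid 0   -> host uid %s (remapped)\n' "$(map_uid 0)"
printf 'container uid 1000 -> host uid %s (remapped)\n' "$(map_uid 1000)"
printf 'container uid 70000 -> host uid %s (outside range)\n' "$(map_uid 70000)"
printf 'container uid 0   -> host uid %s (no user namespace)\n' \
    "$(map_uid 0 "$IDENTITY_UID_MAP")"
if is_host_root 0; then
    echo "remapped container root IS host root"
else
    echo "remapped container root is NOT host root"
fi
```

To check a running container on a host, read `/proc/<container-pid>/uid_map` and feed it to `map_uid` as the second argument; a first line of `0 0 ...` means remapping is not in effect for that container.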
Docker is providing support for content integrity with image scanning and vulnerability detection as well as hardware signing of container images for trusted content via a partnership with Yubico.
Coupled with the recent acquisition of Tutum to make it simpler to create workflows surrounding the deployment of Docker containers, it’s clear that Docker is turning its attention to many of the IT operational issues associated with deploying and managing Docker containers in production environments. It may still be a while before those applications show up en masse in the enterprise. But at this juncture, it’s only a matter of time before they do.